25th November to 26th November 2013,
London, United Kingdom

It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred on by the ever growing cyber threat across the globe. It is against this backdrop that SMi are launching their 3rd annual Oil and Gas Cyber Security 2013 conference.

Drawing on two years of successful events in the cyber security sector, SMi’s 3rd Annual Oil and Gas Cyber Security conference aims to provide attendees with a information-packed agenda with representatives from across the industry and the globe. The two day event and post conference workshop aim to cover emerging threats and technological advancements, regional focuses from the Middle East to North America, investments and board level by ins and cyber security development and the issues hindering growth.

The event is the perfect platform for hearing about lessons learnt in the field from oil and gas operators. SMi’s 3rd annual Oil and Gas Cyber Security Conference is an opportunity for companies within the industry to talk to leading experts who are currently working against cyber threats. This will be a unique opportunity to hear about the advances within the industry and one that you cannot afford to miss.

Hear about recent advancements in the industryDiscover the latest technology used in the fight against cyber threatsEvaluate current methods for penetration testingLearn about cyber security investment and board level by-insDevelop ideas to improve SCADA systems

9:10 From traditional Information security to an IS multilayer management Model - PDO IS Journey

• PDO transformation journey in managing information security
• Our evolution and education from using the traditional model of securing infrastructure to where we are today
• Adopting a three dimensions model, based on a Risk oriented approach anchoring on ISO 27001 standard to identify various types of threats and vulnerabilities and manage them commensurate with PDO business imperatives
• Insights and learning’s from PDO iSecure campaign

9:50 Drivers for security initiatives

Sinclair Koelemij , Technical lead EMEA , Honeywell Process Solutions

How do different companies in the process industry approach security initiatives and what are the advantages of the different approaches? The presentation will discuss the four main security project drivers:

·Technology as a security project driver

·Compliance to a standard as a security project driver

·Security audit / assessment as a security driver

·Security risk management as a security driver

The advantages, disadvantages and differences of these four approaches will be talked about and the audience will be offered an overview of the various pitfalls to be wary of for the different methods. We will discuss the circle of assess, remediate, manage / monitor security and how this circle can be established.

In short, the presentation is about “I am aware we need to improve our cyber security, but what are my options, what are my objectives, what is necessary to make progress building an effective cyber security for my plant?”

10:30 Morning Coffee

Cyber security threats continue to increase in both frequency and sophistication. The industry is getting more automated, integrated and interconnected, creating a real challenge being faced. To manage risk effectively in our industrial domains, technology, standards, policies and practices are not enough, people are crucial!

• A standardized foundational set of skills, knowledge and abilities for Industrial Cyber Security across the industry is lacking.
• There is a need for a standardized, vendor-neutral, certification program that provides structure and demonstrated competence.
• An ICS professional needs a hybrid set of experience and competencies that can be roughly divided in 4 domains - IT, Cyber Security, Engineering, and Corporate/Industry standards.
• The approach to create this training and certification program is an industry effort, where private-public organizations from different backgrounds work together

12:20 Networking Lunch

• Learn the benefits of empowering the employee through the use of mobility.
• Review the steps that businesses need to take to evaluate and implement mobility
• Analyse the rise of BYOD and how organisations can ensure device compliance through an advanced compliance engine.
• Identify the methods needed to create a customised corporate container to store and secure sensitive company documents.
• Maximise data loss prevention in mobility and avoid security breaches of corporate data.
• Determine the best practices for implementing a mobility management solution to minimize the challenges and risks that come with BYOD

14:10 Secure the Engineers- Building a security awareness programme targeted for ICS staff

Tim Harwood, Security Capability Lead, SANS Institute

14:50 The power of cyber resilience – managing risk and recovering from breaches

Alan Calder, CEO, IT Governance Ltd

• There have been several attacks targeted at oil and gas firms in the last two years
• Good risk-mitigation strategies can reduce cyber risk, but they cannot eliminate cyber attacks
• Oil and gas companies need to assume a breach will happen and prepare accordingly
• An organisation’s ability to respond to and recover from security breaches – its cyber-resilience – is fundamental to its risk management strategy
• Information security standards are an important element in building a strong, resilient information and communication infrastructure
• This session will examine cyber risk in the oil and gas sector, the pervasiveness of cyber-incidents and the key steps in building a cyber-resilience strategy

16:40 CCI: A success story on collaboration in Industrial Cyber security

Samuel Linares, Director, Industrial Cybersecurity Centre

• Describing the setting of the industrial cyber security: current situation, lacks and needs
• The Actors: description of main stakeholders and supposed roles.
• The Screenplay: the good, the bad and the ugly. Who is who?
• The Challenge: making a good film (and make the actors happy and rich). How to deal with objectives from different sources could become barriers to the deployment of cyber security measures,
• The Solution: Collaboration as a key aspect of Industrial cyber security.
• The Film: industrial cyber security centre as a successful case on collaboration in industrial cyber security

8:30 Registration & Coffee

9:00 Chairman's Opening Remarks

9:10 How the O&G Industry is identifying and mitigating threat vectors

Claudio Lo Cicero, Head of Global Information Security, Maersk Oil

• Advanced Persistent Threats (APTs): What is old is new again
• The Front Lines: Employees ARE your first line of cyber defense
• Active Monitoring and Security Analytics: Pro-active or reactive
• Managed Security Services v2.0: Smart enterprise security or not
• Supply Chain Security: Risks and countermeasures

9:50 Converging requirements for safety and security in this cyber connected world

10:30 Morning Coffee

11:00 Identifying key security threats and how to focus on protecting assets that really matter

The potential impact of a security incident within the oil and gas industry is significant! Within this sector there are a number of key business areas that have significant security risks. These include: security of the operational technology e.g. industrial control systems on rigs - where a security incident could have a significant impact on the environment or loss of revenue, sensitivity of core business information around exploration of new oil and gas fields - data loss leading to a loss of revenue, mergers and acquisitions, securing the financial and operational due diligence to ensure share price is appropriate. Oil and Gas organisations need to identify and protect their assets appropriately in order to ensure they have greater opportunities to maximise their business's potential from emerging technologies and identity new business opportunities. This presentation will outline some of the key security threats and explore how organisations can focus on protecting those assets that really matter, enabling them to combat threats to their organisation.

11:40 Panel Discussion- the changing landscape of cyber security

Michela Menting, Senior Analyst, Cyber Security Research Service, A B I Research

Iain Brownlie, Senior Consultant, Safety Solutions Group, ABB Limited

Martin Smith, Chairman, The Security Awareness Special Interest Group

12:20 Networking Lunch

13:40 Advanced Persistent Threats (APT) – update from the front line

David Spinks, Operational Risk Management, CSIRS

Focus of this presentation will be intelligence gathered from forensic investigations of recent attacks to Critical National Infrastructure. The presenter where possible will provide details of:
• Insider threats
• Social engineering
• Malware
• Zero day attacks
• Losses
For each of these attack/threat vectors the presentation will include recommended actions and strategies to detect and defend against such threats. The implementation of methods such as SIEM and use of Big Data are discussed as are sources of threat intelligence and information

14:20 Cyber security - the weaponization of malware and the consequences

• Overview of the last decade of cyber weapons
• What are the specific challenges that cyber weapons pose to the industry
• How do we address these issues and reduce our exposure to future attacks
• How should we strategise when planning our defences?

15:00 Afternoon Tea

Michela Menting, Senior Analyst, Cyber Security Research Service, A B I Research

• Current regulatory landscape in North America and Europe
• National cyber security strategies and the protection of critical infrastructure
• What the changing policy environment means for operators of oil & gas installations
• Adapting to new compliance mechanisms

16:10 Cyber security governance: how to engage company top management

Andrea Rigoni, Director General, GCSEC Global Cyber Security Center

• Description of the typical approach to cyber security governance in oil and gas companies
• Events and lessons learned from the recent incidents in the sector
• How the governance model should evolve to engage the top management in cyber security decisions
• Examples of approaches adopted by oil & gas companies
• Future challenges

Workshops

Workshop

Marriott Regents Park

128 King Henry's Road
London NW3 3ST
United Kingdom

This 4 star north London hotel in zone 2 is the perfect destination for the astute business traveler as well as the leisure guest that knows how convenient north London hotels are, as a base from which to explore the city .Bond Street is just 3 stops from Swiss Cottage underground station on the Jubilee Line, so you can be shopping, exploring the sights and taking in one of London’s world-renowned West End shows in less than 15 minutes when you stay at this hotel near central London. At the same time, the hive of activity that is Camden Town, the chic shops, cafes and restaurants of Primrose Hill and ZSL’s London Zoo in Regents Park are all just a short walk from this hotel in north London.

Cookie Policy

From May 2011 a new privacy law came into effect across the EU. The law requires
that websites ask visitors for consent to use most web cookies. We use cookies to
ensure you get the best experience on our website –Tick here to accept cookie use
Details of our cookie use may be found here.

WHAT IS CPD?

CPD stands for Continuing Professional Development’. It is essentially a philosophy,
which maintains that in order to be effective, learning should be organised and
structured. The most common definition is:

‘A commitment to structured skills and knowledge enhancement for Personal or Professional
competence’

CPD is a common requirement of individual membership with professional bodies and
Institutes. Increasingly, employers also expect their staff to undertake regular
CPD activities.

Undertaken over a period of time, CPD ensures that educational qualifications do
not become obsolete, and allows for best practice and professional standards to
be upheld.

CPD can be undertaken through a variety of learning activities including instructor
led training courses, seminars and conferences, e:learning modules or structured
reading.

CPD AND PROFESSIONAL INSTITUTES

There are approximately 470 institutes in the UK across all industry sectors, with
a collective membership of circa 4 million professionals, and they all expect their
members to undertake CPD.

For some institutes undertaking CPD is mandatory e.g. accountancy and law, and linked
to a licence to practice, for others it’s obligatory. By ensuring that their members
undertake CPD, the professional bodies seek to ensure that professional standards,
legislative awareness and ethical practices are maintained.

CPD Schemes often run over the period of a year and the institutes generally provide
online tools for their members to record and reflect on their CPD activities.

TYPICAL CPD SCHEMES AND RECORDING OF CPD (CPD points and hours)

Professional bodies and Institutes CPD schemes are either structured as ‘Input’
or ‘Output’ based.

‘Input’ based schemes list a precise number of CPD hours that individuals must achieve
within a given time period. These schemes can also use different ‘currencies’ such
as points, merits, units or credits, where an individual must accumulate the number
required. These currencies are usually based on time i.e. 1 CPD point = 1 hour of
learning.

‘Output’ based schemes are learner centred. They require individuals to set learning
goals that align to professional competencies, or personal development objectives.
These schemes also list different ways to achieve the learning goals e.g. training
courses, seminars or e:learning, which enables an individual to complete their CPD
through their preferred mode of learning.

As a formal provider of CPD certified activities, SMI Group can provide an indication
of the learning benefit gained and the typical completion. However, it is ultimately
the responsibility of the delegate to evaluate their learning, and record it correctly
in line with their professional body’s or employers requirements.

GLOBAL CPD

Increasingly, international and emerging markets are ‘professionalising’ their workforces
and looking to the UK to benchmark educational standards. The undertaking of CPD
is now increasingly expected of any individual employed within today’s global marketplace.

CPD Certificates

We can provide a certificate for all our accredited events. To request a CPD certificate for a conference , workshop, master classes you have attended please email events@smi-online.co.uk